**Identity at the AI and Cloud-Native Frontier: KeycloakCon Japan 2026**
The cloud-native landscape is evolving at a breathtaking pace, and two of its most significant trends—the rise of autonomous AI agents and the relentless push for hardened infrastructure—are converging. In this new era, identity is no longer just a login function; it is the central control plane for security, authorization, and trust. Recognizing this, the Keycloak community is proud to present KeycloakCon Japan 2026, a focused, half-day event taking place just steps from the main stage of KubeCon + CloudNativeCon Japan.
Scheduled for Tuesday, July 28, 2026, in Yokohama, this event is designed for architects, engineers, and maintainers who are building the future. It cuts through the hype to address the most pressing technical challenges of our time: how to secure AI agents, how to protect supply chains, and how to operate identity infrastructure at scale. Below is a guide to what you can expect and why you should add KeycloakCon to your KubeCon pass.
### **Identity for the AI Era: Solving the “Confused Deputy” and MCP Governance**
The dominant theme of this year’s conference is the explosive emergence of autonomous AI agents and the Model Context Protocol (MCP). When an AI agent acts on a user’s behalf, it traverses multiple trust boundaries, calling APIs and accessing data. This dynamic breaks traditional, perimeter-based security models.
KeycloakCon Japan tackles this head-on with a technical deep dive into open identity standards. The sessions argue that purpose-built AI identity vendors are an unnecessary layer of complexity. Instead, the event showcases that the core primitives for AI security—OAuth 2.0 token delegation, token exchange, fine-grained scope enforcement, and comprehensive audit trails—are already mature and production-ready within Keycloak.
* **Architecture and Real-World Scale:** Experts from Midships Global and LY Corporation will explore Identity Assertion JWT Authorization Grants (ID-JAG). They will demonstrate how to externalize authorization from fragmented MCP servers and, using real-world examples from platforms like LINE and Yahoo! JAPAN, show how to unify Keycloak with CNCF Athenz to eliminate the infamous “Confused Deputy” vulnerability.
* **Zero-Trust for AI Workloads:** A session from TUBITAK will introduce a keyless workload identity pattern for Kubernetes. By leveraging SPIRE for runtime identity (JWT-SVIDs) and DPoP to block token replay, organizations can achieve zero static credentials, ensuring security without operational burden.
### **Hardening Cloud-Native Infrastructure: From Build to Service Mesh**
Identity extends beyond the user login screen. Modern platform engineering requires verifying the identity of code, pipelines, and microservices. This track focuses on integrating identity seamlessly into the fabric of cloud-native operations.
* **Binding Identity to Code:** A major session will detail how to wire Keycloak directly into Sigstore’s keyless signing flow. By using Keycloak as an OIDC provider, every artifact signature can be cryptographically bound to a verified human or machine identity, closing a critical gap in the software supply chain.
* **Platform-Level Authorization:** In a highly technical lightning talk, Keymate will demonstrate how to use Keycloak Authorization Services as a centralized policy control plane. By integrating with Istio Ambient mesh and WebAssembly (WASM) enforcement, teams can inspect and authorize service-to-service traffic without changing a single line of application code.
### **Operational Survival: Roadmaps, Rotations, and Evolution**
Running an identity platform at enterprise scale comes with long-term operational risks. KeycloakCon provides the roadmap to manage these challenges.
* **The Certificate Expiry Crisis:** A critical session will address a looming time bomb for many organizations: the hardcoded 10-year expiry of Keycloak’s built-in realm signing certificates. A talk from Nomura Research Institute will explain the operational risks of global realm key rotation and introduce a vital upstream solution: per-client signing key selection, which allows for safe, incremental migration.
* **The Future is Now:** The conference will also feature a fast-paced look at Keycloak’s latest features. Expect a demo-rich session on machine identity support via SPIFFE/SPIRE, strong human authentication with Passkeys, and automated user synchronization across domains using SCIM.
### **FAQ**
**Q: Who should attend KeycloakCon Japan?**
A: The event is ideal for platform engineers, security architects, DevOps leaders, and application developers responsible for securing cloud-native environments, managing identity, and building with AI agents.
**Q: Do I need a separate ticket for KeycloakCon?**
A: Yes, KeycloakCon is an add-on to a standard KubeCon + CloudNativeCon Japan 2026 pass. You must register for the main conference and then add the KeycloakCon option to your cart.
**Q: What is the format of the event?**
A: The event is a half-day, single-track intensive session running from 09:00 to 12:30. It is followed by an evening reception sponsored by Octopus Deploy.
**Q: Where will the event take place?**
A: KeycloakCon Japan 2026 will be held at the Pacifico Yokohama, 3rd Floor, Rooms 313+314.
**Q: What topics will be covered?**
A: The agenda is built around four pillars: 1) Identity for the AI Era, 2) Hardening Cloud-Native Infrastructure, 3) Production Operational Survival, and 4) Project Evolution and Community.
### **Conclusion**
KeycloakCon Japan 2026 is more than a conference; it is a critical gathering for anyone building the secure, automated, and identity-centric future of cloud-native computing. In an era defined by AI agents and complex supply chains, understanding how to implement and operate robust identity solutions is paramount.
By attending KeycloakCon, you will gain actionable insights directly from the engineers building these tools. You will learn how to leverage open standards to solve today’s most difficult security challenges, from AI governance to supply chain integrity. Don’t miss this opportunity to connect with the community that is shaping the future of identity. Secure your seat today and be part of the conversation defining the next decade of cloud-native security.



